Mind that download! Free phone apps deliver malware

Beware of those free phone apps.In a May 13, 2014, post I described how malware authors target Android phones. The McAfee Labs Threats Report for June 2014 (PDF) warns against downloading any of the many Flappy Bird clones that boomed in popularity after the original phone game was shut down by its author last February. Of the 300 clones analyzed by the company, 80 percent contained malware that made calls without the user's permission, extracted contact data, or transmitted the phone's geolocation data. Some of the apps sent, copied, or received SMS messages, and a few even gained root access to the phone, giving the app full control of the device, according to McAfee Labs.

Flappy Bird clones are far from the only threat to phone owners. The McAfee report describes three ways malicious apps profit from their surreptitious activities. One free download from the Google Play app store downloads, installs, and launches other apps on the device without the owner's permission. The developer gets paid for every unauthorized download. Another app stole money by taking advantage of a security flaw in a legitimate digital wallet service, and a third bypassed the encryption of the WhatsApp messaging program to help itself to the user's texts and photos.

Have you ever wondered how computer criminals profit from the data they steal from phones and computers? In a June 18, 2014, article on the Forbes Tech site, security researcher Wade Williamson explains the Underground Economy of Data Breaches. For example, the value of a stolen credit card number drops rapidly in the days after it is harvested through a data breach or by a piece of malware.

Williamson points out that computer security officials may stoke the market for stolen credit card numbers by overstating the value of the digits to online thieves. Even with the criminals' need for a quick turnaround, Symantec researchers estimate that for each individual payment card that is breached, the victimized business loses about $200.

Why privacy matters -- even for people who claim it doesn'tI admit it can be frustrating to write about threats to our privacy -- from government and business alike. The typical response is a form of "I don't care, I have nothing to hide."

Glenn Greenwald begs to differ. The journalist who received and published Eric Snowden's revelations about the National Security Agency's blanket surveillance program has a standard response to the people who tell him they aren't concerned about their privacy. He gives the person his email address and asks them to send him all their online account names and passwords so he can take a look for himself.

If you really think your online privacy isn't important, consider following the example of artist Hasan Elahi, who made sharing his life a full-time project after he was erroneously identified by the FBI as being involved in terrorist activities. As described on TED Ideas' "I share everything. Or do I?", Elahi created the Tracking Transience site that purportedly documented his every move.

In fact, Elahi's images of his meals, locations, and daily activities actually disclosed very little about him. The images are bereft of people and offer only subtle clues about what he's up to, who he's with, and how he feels. The message Elahi wants to share is that despite the increase in surveillance online and in the real world, we still maintain control over most of the personal information we disclose to the public.

Potential benefits of sharing personal informationLast week's inaugural edition of the Weekly Wakeup described Google co-founder Larry Page's claim that 100,000 lives could be saved if only we allowed the wealth of health-care information to be analyzed. It turns out, Google isn't particularly interested in getting into the health business.

Forbes' David Shaywitz wrote in a July 4, 2014, article that Page and his co-founder partner Sergey Brin are anything but bullish on the prospects of providing health-related services. According to Brin, the "regulatory burden in the U.S." dissuades entrepreneurs from entering the field.

Clearly there's a huge potential to save lives by analyzing the mountains of medical information collected about us by the health industry and others (including the information we collect about ourselves). I'd feel better about allowing access to my medical records if I could trust that the information wouldn't be used against me: by the insurance industry, the government, or anyone else.

An example of the benefits of health-data analysis is the work being done by former Google data scientist Dan Zigmond at food producer Hampton Creek. As Sarah Buhr describes in a July 3, 2014, article on TechCrunch, Zigmond is helping the company develop healthier, plant-based alternatives to red meat, refined grains, and fatty foods. The key is to create plant-based meals that taste as good as, and cost no more than, their less-healthy counterparts.

According to Buhr, Hampton Creek is preparing to release a "literal scrambled pea product that looks, tastes, and feels just like eggs." The company points out that increased consumption of plant-based foods offers benefits far beyond public health. Organic fruits and vegetables take much less of a toll on the environment than meat and "refined and processed foods," according to the company.

Those unconcerned with their online privacy may now have another good reason to eschew privacy-focused services. Wired's Kim Zetter explains in a July 3, 2014, article that the National Security Agency is reportedly targeting people who use such services as the Tor anonymizing product.

Zetter writes that journalists in Germany analyzed the source code for the NSA's XKeyscore system, which the agency uses to monitor Internet traffic. The journalists determined that simply searching for privacy tools online may cause the agency to label you an "extremist" and have your IP address added to the NSA database.

You may ask yourself, "Can the government do that?" Of course, the answer is, "The government can do whatever it pleases -- at least on the Internet." -- Dennis O'Reilly